Serial No. 09/578,633 
REMARKS 

Claims 1-3, 6-12, 14-24, 26 and 27 are presently pending in the above-identified 
application. Claims 1, 10, 16, 21, 24 and 26 are proposed to be amended herein. 

Rejection of Claims under 35 USC § 112 

The Office Action rejected claims 1-3, 4-12, and 14-27 under 35 USC § 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which Applicants regard as the invention. In light of the present 
amendments to the pending independent claims, this ground of the rejection is 
respectfully traversed. In particular. Applicants have amended each pending independent 
claims to make clear that the claimed "measure of connectivity" is "...an indication of 
connectivity between the first communications network and the second communications 
network". 

Regarding the Examiner's statement of "equating" Applicants' claimed "measure 
of connectivity" with that of U.S. Patent No. 6,298,445 issued to A. Shostack et al. 
(hereinafter "Shostack") at colunm 12, lines 47-55, Applicants respectfully disagree with 
such assertion. More particularly, the cited Shostack passage is directed to a network 
scan that produces a map of a particular network which is essentially an inventory of IP 
devices connected to ttie network. That is, the Shostack census is of devices and their 
connectivity to a single network not their connectivity between multiple networks. 
Applicants appreciate how the Examiner may have found similarities between the cited 
Shostack passage and Applicants' claimed "census" but this is not Applicants' claimed 
"measure of connectivity". As detailed further hereinbelow. Applicants' claimed 
"measure of connectivity" is an indication of connectivity between the first 
communications network and the second conmiunications network which is determined 
from the res ponse of the claimed probed host in receiving the claimed probe packet . 
Applicants trust the Examiner will appreciate, after considering the full discussion herein, 
these differences and find the pending claims clearly distinguishable from the cited 
passages in Shostack. 
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Reiection of Claims under 35 USC § 102 

The Office Action rejected claims 1-3, 5-12 and 15-27 as being anticipated by 
Shostack. Applicants have amended the independent claims herein to more particularly 
claim the various aspects of the invention, and respectfully submit that each of the 
currently pending claims is patentably distinct from Shostack. 

As outlined in the previous AMENDMENT submitted by the Applicants, 
heretofore, the well-known use of spoofed packets (by unauthorized users or hackers) is 
directed to gaining illegal entry into a secure system. In contrast . Applicants have 
realized that spoofed packets can serve different purposes (and non-malicious) by 
providing an enhanced security tool for discovering the connectivity between networks. 
This connectivity measure , in turn, can be used by system administrators to prevent 
malicious attacks (including but not limited to malicious spoofing). It is at least this 
aspect of Applicants' invention that stands in stark contrast to the cited Shostack passages 
(i.e., Shostack, colunm 12, lines 41-57; and column 13, lines 1-5), and anything else 
therein, in the instant rejection of Applicants' claims. 

Specifically, in addition to the discussion of Shostack in the prior 
AMENDMENT, Applicants' respectfully submit that Shostack teaches a technique for 
testing for susceptibility to various so-called security vulnerabilities , such security 
vulnerability including IP s poofing . For example, Shostack at colunm 12, lines 50-55 
describes an aspect of Shostack's technique which "...probes the ports of each of the IP 
devices for programs that contain security vulnerabilities that may be exploited ...". 
Shostack's "security vulnerabilities", as referenced throughout such disclosure, are of the 
type listed in Shostack's Table 1 (see, e.g., Shostack, columns 5 and 6). While it is true 
that one such Shostack security vulnerability is a "check of the firewall for IP spoofing" 
(see, Shostack, column 5, lines 59-60) or "...assess the security vulnerabilities of a 
remote computer connected to the network..." (see, Shostack, colunm 13, lines 2-3), 
these are not disclosures which are fatal to the novelty of Applicants' claimed invention. 
That is, Shostack's teaching with regard to such IP spoofing is checking whether a 

I 
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particular firewall (see, e.g., Shostack, firewall 12 in FIG. 1) or remote computer is 
vulnerable (susceptible) to IP spoofing. 

In contrast . Applicants' claimed invention is directed to the determination of a 
security characteristic of a host (or hosts) associated with a first communications network 
wherein the security characteristic is a measure of connectivity between the first 
communications network and a second conmiunications network. That is, the host 
(associated with a first network) is probed with a particular packet, where the packet 
includes a source address which is associated with the second conmiunications network, 
and the connectivity measure is determined as function of a res ponse from the probed 
host (see, e.g.. Applicants' Specification, page 4, line 27 - page 5, line 6; and page 8, 
lines 20-22) to the packet. Said another way. Applicants' claimed invention is directed at 
discovering connectivity of, or between, a host machine (or host machines) not whether 
such host (or hosts) is susceptible to IP spoofing. To that end, employing the teachings 
of Shostack one would be able to determine that a host is not vulnerable to IP spoofing 
but not whether the network associated with such host has a level of connectivity with 
another network. It is the determination of such connectivity measure, using the probe 
packet configured in accordance with the invention, that is the contribution advanced by 
the Applicants hereto which are distinct from Shostack' s teachings with respect to 
discovering a security vulnerability such as "susceptibility to IP spoofing". 

As detailed above, Applicants find no teaching or suggestion in Shostack with 
respect to the aspect of Applicants' claimed invention directed to utilizing a probe packet 
to determine a connectivity measure between two communication networks (where the 
packet includes a source address which is associated with a second communications 
network) which can be used to identify potential unsecure or rogue connections between 
a probed host (of a first communications network) and some other host on a second 
communications network. As such, in view of the foregoing. Applicants respectfully 
submit that each of the currently pending independent claims, as amended, is patentably 
distinct from Shostack. 

Applicants appreciate the Examiner's thoroughness in pointing out that the 
claimed invention does not specifically recite the term "spoofed probe packet" but fail to 



10 



Serial No. 09/578,633 

fully understand the relevance. That is. Applicants' claimed invention does include the 
limitation of probing a host of a first conmiunications network with a particular packet, 
where the packet includes a source address which is associated with a second 
communications network. Applicants have particularly pointed out and distinctly claimed 
the subject matter which Applicants regard as the invention. While such a recitation may 
be understood, in an embodiment of the invention, as a "spoofed packet", it may include 
other types of probe packets which have the claimed limitations of Applicants invention. 

Regarding the rejection of each of the presently pending dependent claims these 
claims depend ultimately from one of the pending amended independent claims 1, 10, 16, 
21 and 24 herein which Applicants submit are patentably distinct over Shostack for the 
aforesaid reasons. Thus, these dependent claims contain all the limitations of the pending 
amended independent claims from which they depend, and Applicants respectfully 
submit that these dependent claims are also patentably distinct over Shostack for the 
aforesaid reasons, as well as other elements these claims add in combination to their base 
claim. 

In view of the foregoing, it is respectfully submitted that each of the currently 
pending claims in the application is in condition for allowance and reconsideration is 
requested. Favorable action is respectfully requested. 
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Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact the 
undersigned at the telephone number listed below. 



Respectfully submitted. 



Steven Branigan 
Hal Joseph Burch 
William R. Cheswick 




Donald P.l5inella 
Attorney for Applicants 
Reg. No. 39,961 
908-582-8582 



Date: J U^j ^^S/ 

Docket Administrator (Room 3J-219) 

Lucent Technologies Inc. 
101 Crawfords Comer Road 
Holmdel, NJ 07733-3030 
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